Help: Reason 412: VPN Client can't connect

akunwar
Level 1

Hi,

I am trying to connect to PIX firewall using Cisco VPN Client 4.0.3.

When I try to connect, after typing user name and password, it says:

"Secure VPN connection is terminated locally by the client
Reason 412: The remote peer is no longer responding."

A portion of the log file is below:

1 14:49:40.769 09/26/04 Sev=Info/4 CM/0x63100002
Begin connection process

2 14:49:41.029 09/26/04 Sev=Info/4 CVPND/0xE3400001
Microsoft IPSec Policy Agent service stopped successfully

3 14:49:41.029 09/26/04 Sev=Info/4 CM/0x63100004
Establish secure connection using Ethernet

4 14:49:41.099 09/26/04 Sev=Info/4 CM/0x63100024
Attempt connection with server "105.179.139.34"

5 14:49:42.101 09/26/04 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 105.179.139.34.

6 14:49:42.281 09/26/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 105.179.139.34

7 14:49:42.291 09/26/04 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started

8 14:49:42.291 09/26/04 Sev=Info/4 IPSEC/0x63700014
Deleted all keys

9 14:49:42.561 09/26/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 105.179.139.34

10 14:49:42.561 09/26/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity),

The complete log file is attached.

The firewall config is attached.

Please help me fix what I am doing wrong.

Thanks a lot for your help.

Asif.
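
An added example, not part of the original post and not Cisco tooling: a Python parser for the client log layout shown in the excerpt above. It lists the ISAKMP payloads in each SENDING/RECEIVING entry and reports which vendor IDs the client offered that the peer's reply does not show, flagging the result as inconclusive when a payload list is cut off. The function names are hypothetical; the sample input is entries 6, 9 and 10 of the excerpt.

```python
import re
# Entry header: sequence, time, date, Sev=level/number, component/message code.
HEADER = re.compile(r"^(\d+)\s+[\d:.]+\s+[\d/]+\s+Sev=\w+/\d+\s+(\w+)/(0x[0-9A-Fa-f]+)$")
# Sample input: entries 6, 9 and 10 of the excerpt in the post (entry 10 is cut off there).
SAMPLE_LOG = """\
6 14:49:42.281 09/26/04 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
VID(Nat-T), VID(Frag), VID(Unity)) to 105.179.139.34
9 14:49:42.561 09/26/04 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 105.179.139.34
10 14:49:42.561 09/26/04 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Xauth), VID(dpd), VID(Unity),
"""

def parse_entries(text):
    """Split the log into entries, joining wrapped message lines with a space."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"seq": int(m.group(1)), "component": m.group(2),
                            "code": m.group(3), "message": ""})
        elif line and entries:
            entries[-1]["message"] = (entries[-1]["message"] + " " + line).strip()
    return entries

def isakmp_payloads(message):
    """Payload list of a SENDING/RECEIVING entry, or None for other entries."""
    m = re.match(r"(SENDING|RECEIVING) \S+ ISAKMP OAK (\S+) \(", message)
    if not m:
        return None
    depth, body = 1, []
    for ch in message[m.end():]:  # walk to the parenthesis that closes the list
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            break
        body.append(ch)
    return {"direction": m.group(1), "exchange": m.group(2), "truncated": depth != 0,
            "payloads": re.findall(r"[\w-]+(?:\([^)]*\))?", "".join(body))}

def unanswered_vids(entries):
    """Return (vendor IDs offered but absent from the reply, whether that is conclusive)."""
    seen, conclusive = {"SENDING": set(), "RECEIVING": set()}, True
    for entry in entries:
        p = isakmp_payloads(entry["message"])
        if p:
            seen[p["direction"]].update(x for x in p["payloads"] if x.startswith("VID("))
            conclusive = conclusive and not p["truncated"]
    return sorted(seen["SENDING"] - seen["RECEIVING"]), conclusive
```

On the excerpt, `unanswered_vids(parse_entries(SAMPLE_LOG))` names VID(Frag) and VID(Nat-T) but marks the result inconclusive, because entry 10 ends before its payload list closes; the complete log is needed to tell whether the peer really left them out.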

3 Replies

ehirsel
Level 6

At the pix, please run a show version and the debug isakmp commands and post the results here. I want to know if your pix code is at the 6.3.3 level and if it supports AES (the show ver will tell me that). The debug isakmp commands will aid in determining why the no proposal chosen appears in the vpn client log file.

Hi,

Thanks for your reply. I have attached the output of these two commands.

Regards,

Asif.

The debug indicates that the phase 1 SAs are established correctly. We need to determine if the error is in IPSec SA (phase 2) or in user authentication. How is the pix configured to authenticate remote access vpn clients? Local db or using an external AAA system?

Please run the debug crypto ipsec and the debug aaa authentication commands and post the results here.